Using the VS Code extension with self-signed certificates
You can still use the GitLab Workflow extension for VS Code even if your GitLab instance uses a self-signed SSL certificate.
If you also use a proxy to connect to your GitLab instance, let us know in issue 314. If you still have connection problems after completing these steps, review epic 6244, which links to all existing SSL issues for the GitLab Workflow extension.
Use the extension with a self-signed CA
Prerequisites:
- Your GitLab instance uses a certificate signed with a self-signed certificate authority (CA).
-
Ensure your CA certificate is correctly added to your system for the extension to work. VS Code reads the system certificate store, and changes all node
http
requests to trust the certificates:graph LR; A[Self-signed CA] -- signed --> B[Your GitLab instance certificate]For more information, see Self-signed certificate error when installing Python support in WSL in the Visual Studio Code issue queue.
- In your VS Code
settings.json
, set"http.systemCertificates": true
. The default value istrue
, so you might not need to change this value. - Follow the instructions for your operating system:
Windows
Make sure you can see your self-signed CA in your certificate store:
- Open the command prompt.
- Run
certmgr
. - Make sure you see your certificate in Trusted Root Certification Authorities > Certificates.
Linux
5.14.3-arch1-1
and VS Code 1.60.0.- Use your operating system’s tools to confirm you can add our self-signed CA to your system:
-
update-ca-trust
(Fedora, RHEL, CentOS) -
update-ca-certificates
(Ubuntu, Debian, OpenSUSE, SLES) -
trust
(Arch)
-
- Confirm the CA certificate is in
/etc/ssl/certs/ca-certificates.crt
or/etc/ssl/certs/ca-bundle.crt
. VS Code checks this location.
MacOS
Make sure you see the self-signed CA in your keychain:
- Go to Finder > Applications > Utilities > Keychain Access.
- In the left-hand column, select System.
- Your self-signed CA certificate should be on the list.